package gurux.dlms.objects;

import gurux.dlms.GXByteBuffer;
import gurux.dlms.GXDLMSClient;
import gurux.dlms.GXDLMSSettings;
import gurux.dlms.GXDLMSTranslator;
import gurux.dlms.GXSimpleEntry;
import gurux.dlms.ValueEventArgs;
import gurux.dlms.asn.GXAsn1Converter;
import gurux.dlms.asn.GXAsn1Sequence;
import gurux.dlms.asn.GXPkcs10;
import gurux.dlms.asn.GXPkcs8;
import gurux.dlms.asn.GXx509Certificate;
import gurux.dlms.asn.GXx509CertificateCollection;
import gurux.dlms.asn.enums.Ecc;
import gurux.dlms.asn.enums.KeyUsage;
import gurux.dlms.ecdsa.GXEcdsa;
import gurux.dlms.enums.BerType;
import gurux.dlms.enums.DataType;
import gurux.dlms.enums.ErrorCode;
import gurux.dlms.enums.ObjectType;
import gurux.dlms.enums.Security;
import gurux.dlms.enums.Signing;
import gurux.dlms.internal.GXCommon;
import gurux.dlms.internal.GXDataInfo;
import gurux.dlms.objects.enums.CertificateEntity;
import gurux.dlms.objects.enums.CertificateType;
import gurux.dlms.objects.enums.GlobalKeyType;
import gurux.dlms.objects.enums.SecurityPolicy;
import gurux.dlms.objects.enums.SecuritySuite;
import gurux.dlms.secure.GXDLMSSecureClient;
import gurux.dlms.secure.GXSecure;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.xml.stream.XMLStreamException;

/* loaded from: input_file:gurux/dlms/objects/GXDLMSSecuritySetup.class */
public class GXDLMSSecuritySetup extends GXDLMSObject implements IGXDLMSBase {
    private byte[] guek;
    private byte[] gbek;
    private byte[] gak;
    private byte[] kek;
    public KeyPair signingKey;
    public KeyPair keyAgreement;
    public KeyPair tls;
    public GXx509CertificateCollection serverCertificates;
    private Set<SecurityPolicy> securityPolicy;
    private SecuritySuite securitySuite;
    private byte[] serverSystemTitle;
    private byte[] clientSystemTitle;
    private GXDLMSCertificateCollection certificates;

    public GXDLMSSecuritySetup() {
        this("0.0.43.0.0.255");
    }

    public GXDLMSSecuritySetup(String str) {
        this(str, 0);
    }

    public GXDLMSSecuritySetup(String str, int i) {
        super(ObjectType.SECURITY_SETUP, str, i);
        this.serverCertificates = new GXx509CertificateCollection();
        this.securityPolicy = new HashSet();
        this.securitySuite = SecuritySuite.SUITE_0;
        this.certificates = new GXDLMSCertificateCollection();
        setVersion(1);
        this.gbek = null;
        this.guek = new byte[]{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
        this.gak = new byte[]{-48, -47, -46, -45, -44, -43, -42, -41, -40, -39, -38, -37, -36, -35, -34, -33};
        setKek("1111111111111111".getBytes());
    }

    public byte[] getGuek() {
        return this.guek;
    }

    public void setGuek(byte[] bArr) {
        if ((bArr != null && bArr.length != 0 && getSecuritySuite() != SecuritySuite.SUITE_2 && bArr.length != 16) || (getSecuritySuite() == SecuritySuite.SUITE_2 && bArr.length != 32)) {
            throw new IllegalArgumentException("Invalid Guek");
        }
        this.guek = bArr;
    }

    public byte[] getGbek() {
        return this.gbek;
    }

    public void setGbek(byte[] bArr) {
        if ((bArr != null && bArr.length != 0 && getSecuritySuite() != SecuritySuite.SUITE_2 && bArr.length != 16) || (getSecuritySuite() == SecuritySuite.SUITE_2 && bArr.length != 32)) {
            throw new IllegalArgumentException("Invalid Gbek");
        }
        this.gbek = bArr;
    }

    public byte[] getGak() {
        return this.gak;
    }

    public void setGak(byte[] bArr) {
        if ((bArr != null && bArr.length != 0 && getSecuritySuite() != SecuritySuite.SUITE_2 && bArr.length != 16) || (getSecuritySuite() == SecuritySuite.SUITE_2 && bArr.length != 32)) {
            throw new IllegalArgumentException("Invalid Gak");
        }
        this.gak = bArr;
    }

    public byte[] getKek() {
        return this.kek;
    }

    public void setKek(byte[] bArr) {
        this.kek = bArr;
    }

    public final Set<SecurityPolicy> getSecurityPolicy() {
        return this.securityPolicy;
    }

    public final void setSecurityPolicy(Set<SecurityPolicy> set) {
        this.securityPolicy = set;
    }

    public final SecuritySuite getSecuritySuite() {
        return this.securitySuite;
    }

    public final void setSecuritySuite(SecuritySuite securitySuite) {
        this.securitySuite = securitySuite;
    }

    public final byte[] getClientSystemTitle() {
        return this.clientSystemTitle;
    }

    public final void setClientSystemTitle(byte[] bArr) {
        if (bArr != null && bArr.length != 0 && bArr.length != 8) {
            throw new IllegalArgumentException("Invalid client system title.");
        }
        this.clientSystemTitle = bArr;
    }

    public final byte[] getServerSystemTitle() {
        return this.serverSystemTitle;
    }

    public final void setServerSystemTitle(byte[] bArr) {
        if (bArr != null && bArr.length != 0 && bArr.length != 8) {
            throw new IllegalArgumentException("Invalid server system title.");
        }
        this.serverSystemTitle = bArr;
    }

    public final GXDLMSCertificateCollection getCertificates() {
        return this.certificates;
    }

    @Override // gurux.dlms.objects.GXDLMSObject
    public final Object[] getValues() {
        return new Object[]{getLogicalName(), this.securityPolicy, this.securitySuite, this.clientSystemTitle, this.serverSystemTitle, this.certificates};
    }

    public final byte[][] activate(GXDLMSClient gXDLMSClient, SecurityPolicy securityPolicy) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        return gXDLMSClient.method(this, 1, Integer.valueOf(securityPolicy.getValue()), DataType.ENUM);
    }

    public final byte[][] activate(GXDLMSClient gXDLMSClient, Set<SecurityPolicy> set) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        return gXDLMSClient.method(this, 1, Integer.valueOf(SecurityPolicy.toInteger(set)), DataType.ENUM);
    }

    public static GXPkcs10 parseCertificate(GXByteBuffer gXByteBuffer) {
        return new GXPkcs10((byte[]) GXCommon.getData(null, gXByteBuffer, new GXDataInfo()));
    }

    public final byte[][] globalKeyTransfer(GXDLMSClient gXDLMSClient, byte[] bArr, List<GXSimpleEntry<GlobalKeyType, byte[]>> list) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("Invalid list. It is empty.");
        }
        GXByteBuffer gXByteBuffer = new GXByteBuffer();
        gXByteBuffer.setUInt8(DataType.ARRAY.getValue());
        gXByteBuffer.setUInt8((byte) list.size());
        for (GXSimpleEntry<GlobalKeyType, byte[]> gXSimpleEntry : list) {
            gXByteBuffer.setUInt8(DataType.STRUCTURE.getValue());
            gXByteBuffer.setUInt8(2);
            GXCommon.setData(null, gXByteBuffer, DataType.ENUM, Integer.valueOf(gXSimpleEntry.getKey().ordinal()));
            GXCommon.setData(null, gXByteBuffer, DataType.OCTET_STRING, GXDLMSSecureClient.encrypt(bArr, gXSimpleEntry.getValue()));
        }
        return gXDLMSClient.method(this, 2, gXByteBuffer.array(), DataType.ARRAY);
    }

    public final byte[][] keyAgreement(GXDLMSClient gXDLMSClient, List<GXSimpleEntry<GlobalKeyType, byte[]>> list) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("Invalid list. It is empty.");
        }
        GXByteBuffer gXByteBuffer = new GXByteBuffer();
        gXByteBuffer.setUInt8(DataType.ARRAY.getValue());
        gXByteBuffer.setUInt8((byte) list.size());
        for (GXSimpleEntry<GlobalKeyType, byte[]> gXSimpleEntry : list) {
            gXByteBuffer.setUInt8(DataType.STRUCTURE.getValue());
            gXByteBuffer.setUInt8(2);
            GXCommon.setData(null, gXByteBuffer, DataType.ENUM, Integer.valueOf(gXSimpleEntry.getKey().ordinal()));
            GXCommon.setData(null, gXByteBuffer, DataType.OCTET_STRING, gXSimpleEntry.getValue());
        }
        return gXDLMSClient.method(this, 3, gXByteBuffer.array(), DataType.ARRAY);
    }

    public final byte[][] keyAgreement(GXDLMSSecureClient gXDLMSSecureClient, GlobalKeyType globalKeyType) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        GXByteBuffer gXByteBuffer = new GXByteBuffer();
        byte[] ephemeralPublicKeyData = GXSecure.getEphemeralPublicKeyData(globalKeyType.ordinal(), gXDLMSSecureClient.getCiphering().getEphemeralKeyPair().getPublic());
        gXByteBuffer.set(ephemeralPublicKeyData, 1, 64);
        Logger.getLogger(GXDLMSSecuritySetup.class.getName()).log(Level.INFO, "Signin public key: {0}", gXDLMSSecureClient.getCiphering().getSigningKeyPair().getPublic());
        byte[] ephemeralPublicKeySignature = GXSecure.getEphemeralPublicKeySignature(globalKeyType.ordinal(), gXDLMSSecureClient.getCiphering().getEphemeralKeyPair().getPublic(), gXDLMSSecureClient.getCiphering().getSigningKeyPair().getPrivate());
        gXByteBuffer.set(ephemeralPublicKeySignature);
        Logger.getLogger(GXDLMSSecuritySetup.class.getName()).log(Level.FINEST, "Data: {0}", GXCommon.toHex(ephemeralPublicKeyData));
        Logger.getLogger(GXDLMSSecuritySetup.class.getName()).log(Level.FINEST, "Sign: {0}", GXCommon.toHex(ephemeralPublicKeySignature));
        ArrayList arrayList = new ArrayList();
        arrayList.add(new GXSimpleEntry<>(globalKeyType, gXByteBuffer.array()));
        return keyAgreement(gXDLMSSecureClient, arrayList);
    }

    public final byte[][] generateKeyPair(GXDLMSClient gXDLMSClient, CertificateType certificateType) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        return gXDLMSClient.method(this, 4, Integer.valueOf(certificateType.getValue()), DataType.ENUM);
    }

    public final byte[][] generateCertificate(GXDLMSClient gXDLMSClient, CertificateType certificateType) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        return gXDLMSClient.method(this, 5, Integer.valueOf(certificateType.getValue()), DataType.ENUM);
    }

    public final byte[][] importCertificate(GXDLMSClient gXDLMSClient, GXx509Certificate gXx509Certificate) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        return importCertificate(gXDLMSClient, gXx509Certificate.getEncoded());
    }

    public final byte[][] importCertificate(GXDLMSClient gXDLMSClient, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        return gXDLMSClient.method(this, 6, bArr, DataType.OCTET_STRING);
    }

    public final byte[][] exportCertificateByEntity(GXDLMSSecureClient gXDLMSSecureClient, CertificateEntity certificateEntity, CertificateType certificateType, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("Invalid system title.");
        }
        GXByteBuffer gXByteBuffer = new GXByteBuffer();
        gXByteBuffer.setUInt8(DataType.STRUCTURE.getValue());
        gXByteBuffer.setUInt8(2);
        gXByteBuffer.setUInt8(DataType.ENUM.getValue());
        gXByteBuffer.setUInt8(0);
        gXByteBuffer.setUInt8(DataType.STRUCTURE.getValue());
        gXByteBuffer.setUInt8(3);
        gXByteBuffer.setUInt8(DataType.ENUM.getValue());
        gXByteBuffer.setUInt8(certificateEntity.getValue());
        gXByteBuffer.setUInt8(DataType.ENUM.getValue());
        gXByteBuffer.setUInt8(certificateType.getValue());
        GXCommon.setData(null, gXByteBuffer, DataType.OCTET_STRING, bArr);
        return gXDLMSSecureClient.method(this, 7, gXByteBuffer.array(), DataType.STRUCTURE);
    }

    private static void verifyIssuer(byte[] bArr) {
        if (bArr != null) {
            try {
                if (bArr.length != 0) {
                    GXAsn1Converter.fromByteArray(bArr);
                    return;
                }
            } catch (Exception e) {
                throw new IllegalArgumentException("Invalid issuer. Issuer must be in ASN1 format.");
            }
        }
        throw new IllegalArgumentException();
    }

    public final byte[][] exportCertificateBySerial(GXDLMSSecureClient gXDLMSSecureClient, BigInteger bigInteger, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        verifyIssuer(bArr);
        GXByteBuffer gXByteBuffer = new GXByteBuffer();
        gXByteBuffer.setUInt8(DataType.STRUCTURE.getValue());
        gXByteBuffer.setUInt8(2);
        gXByteBuffer.setUInt8(DataType.ENUM.getValue());
        gXByteBuffer.setUInt8(1);
        gXByteBuffer.setUInt8(DataType.STRUCTURE.getValue());
        gXByteBuffer.setUInt8(2);
        GXCommon.setData(null, gXByteBuffer, DataType.OCTET_STRING, bigInteger.toByteArray());
        GXCommon.setData(null, gXByteBuffer, DataType.OCTET_STRING, bArr);
        return gXDLMSSecureClient.method(this, 7, gXByteBuffer.array(), DataType.STRUCTURE);
    }

    public final byte[][] removeCertificateByEntity(GXDLMSSecureClient gXDLMSSecureClient, CertificateEntity certificateEntity, CertificateType certificateType, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        GXByteBuffer gXByteBuffer = new GXByteBuffer();
        gXByteBuffer.setUInt8(DataType.STRUCTURE.getValue());
        gXByteBuffer.setUInt8(2);
        gXByteBuffer.setUInt8(DataType.ENUM.getValue());
        gXByteBuffer.setUInt8(0);
        gXByteBuffer.setUInt8(DataType.STRUCTURE.getValue());
        gXByteBuffer.setUInt8(3);
        gXByteBuffer.setUInt8(DataType.ENUM.getValue());
        gXByteBuffer.setUInt8(certificateEntity.getValue());
        gXByteBuffer.setUInt8(DataType.ENUM.getValue());
        gXByteBuffer.setUInt8(certificateType.getValue());
        GXCommon.setData(null, gXByteBuffer, DataType.OCTET_STRING, bArr);
        return gXDLMSSecureClient.method(this, 8, gXByteBuffer.array(), DataType.STRUCTURE);
    }

    public final byte[][] removeCertificateBySerial(GXDLMSSecureClient gXDLMSSecureClient, String str, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        verifyIssuer(bArr);
        GXByteBuffer gXByteBuffer = new GXByteBuffer();
        gXByteBuffer.setUInt8(DataType.STRUCTURE.getValue());
        gXByteBuffer.setUInt8(2);
        gXByteBuffer.setUInt8(DataType.ENUM.getValue());
        gXByteBuffer.setUInt8(1);
        gXByteBuffer.setUInt8(DataType.STRUCTURE.getValue());
        gXByteBuffer.setUInt8(2);
        GXCommon.setData(null, gXByteBuffer, DataType.OCTET_STRING, str.getBytes());
        GXCommon.setData(null, gXByteBuffer, DataType.OCTET_STRING, bArr);
        return gXDLMSSecureClient.method(this, 8, gXByteBuffer.array(), DataType.STRUCTURE);
    }

    @Override // gurux.dlms.objects.GXDLMSObject, gurux.dlms.objects.IGXDLMSBase
    public final byte[] invoke(GXDLMSSettings gXDLMSSettings, ValueEventArgs valueEventArgs) {
        if (this.securitySuite == SecuritySuite.SUITE_0 && valueEventArgs.getIndex() > 3) {
            throw new IllegalArgumentException("Invalid Security Suite Version.");
        }
        switch (valueEventArgs.getIndex()) {
            case 1:
                securityActivate(gXDLMSSettings, valueEventArgs);
                return null;
            case 2:
                keyTransfer(gXDLMSSettings, valueEventArgs);
                return null;
            case 3:
                return invokeKeyAgreement(gXDLMSSettings, valueEventArgs);
            case 4:
                generateKeyPair(gXDLMSSettings, valueEventArgs);
                return null;
            case 5:
                return generateCertificateRequest(gXDLMSSettings, valueEventArgs);
            case 6:
                importCertificate(gXDLMSSettings, valueEventArgs);
                return null;
            case BerType.OBJECT_DESCRIPTOR /* 7 */:
                return exportCertificate(valueEventArgs);
            case 8:
                removeCertificate(valueEventArgs);
                return null;
            default:
                valueEventArgs.setError(ErrorCode.READ_WRITE_DENIED);
                return null;
        }
    }

    private void removeCertificate(ValueEventArgs valueEventArgs) {
        List list = (List) valueEventArgs.getParameters();
        short shortValue = ((Number) list.get(0)).shortValue();
        List list2 = (List) list.get(1);
        GXx509Certificate gXx509Certificate = null;
        if (shortValue == 0) {
            gXx509Certificate = findCertificateByEntity(this.serverCertificates, CertificateEntity.forValue(((Number) list2.get(0)).intValue()), CertificateType.forValue(((Number) list2.get(1)).intValue()), (byte[]) list2.get(2));
        } else if (shortValue == 1) {
            gXx509Certificate = this.serverCertificates.findBySerial(new BigInteger((byte[]) list2.get(0)), new String((byte[]) list2.get(1)));
        }
        if (gXx509Certificate == null) {
            valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
        } else {
            this.serverCertificates.remove(gXx509Certificate);
        }
    }

    private static String getStringFromAsn1(byte[] bArr) {
        Object fromByteArray = GXAsn1Converter.fromByteArray(bArr);
        return fromByteArray instanceof GXAsn1Sequence ? GXAsn1Converter.getSubject((GXAsn1Sequence) fromByteArray) : fromByteArray.toString();
    }

    private byte[] exportCertificate(ValueEventArgs valueEventArgs) {
        String str;
        List list = (List) valueEventArgs.getParameters();
        short shortValue = ((Number) list.get(0)).shortValue();
        GXx509Certificate gXx509Certificate = null;
        List list2 = (List) list.get(1);
        synchronized (this.serverCertificates) {
            if (shortValue == 0) {
                gXx509Certificate = findCertificateByEntity(this.serverCertificates, CertificateEntity.forValue(((Number) list2.get(0)).shortValue()), CertificateType.forValue(((Number) list2.get(1)).shortValue()), (byte[]) list2.get(2));
            } else if (shortValue == 1) {
                try {
                    str = getStringFromAsn1((byte[]) list2.get(1));
                } catch (Exception e) {
                    str = new String((byte[]) list2.get(1));
                }
                gXx509Certificate = this.serverCertificates.findBySerial(new BigInteger((byte[]) list2.get(0)), str);
            }
            if (gXx509Certificate == null) {
                valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
                return null;
            }
            Logger.getLogger(GXDLMSSecuritySetup.class.getName()).log(Level.INFO, "Export certificate: {0}", gXx509Certificate.getSerialNumber());
            return gXx509Certificate.getEncoded();
        }
    }

    private void importCertificate(GXDLMSSettings gXDLMSSettings, ValueEventArgs valueEventArgs) {
        GXx509Certificate gXx509Certificate = new GXx509Certificate((byte[]) valueEventArgs.getParameters());
        byte[] serverSystemTitle = getServerSystemTitle();
        if (serverSystemTitle == null) {
            serverSystemTitle = gXDLMSSettings.getCipher().getSystemTitle();
        }
        String systemTitleToSubject = GXAsn1Converter.systemTitleToSubject(serverSystemTitle);
        boolean contains = gXx509Certificate.getSubject().contains(systemTitleToSubject);
        int integer = KeyUsage.toInteger(gXx509Certificate.getKeyUsage());
        if (integer == KeyUsage.KEY_AGREEMENT.getValue() || integer == KeyUsage.DIGITAL_SIGNATURE.getValue() || integer == (KeyUsage.KEY_AGREEMENT.getValue() | KeyUsage.DIGITAL_SIGNATURE.getValue())) {
            for (GXx509Certificate gXx509Certificate2 : this.serverCertificates.getCertificates(gXx509Certificate.getKeyUsage())) {
                if (gXx509Certificate2.getSubject().contains(systemTitleToSubject) == contains) {
                    this.serverCertificates.remove(gXx509Certificate2);
                }
            }
        } else {
            valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
        }
        this.serverCertificates.add(gXx509Certificate);
        Logger.getLogger(GXDLMSSecuritySetup.class.getName()).log(Level.INFO, "New certificate imported: {0}", gXx509Certificate.getSerialNumber());
    }

    private byte[] generateCertificateRequest(GXDLMSSettings gXDLMSSettings, ValueEventArgs valueEventArgs) {
        CertificateType forValue = CertificateType.forValue(((Number) valueEventArgs.getParameters()).intValue());
        byte[] serverSystemTitle = getServerSystemTitle();
        if (serverSystemTitle == null) {
            serverSystemTitle = gXDLMSSettings.getCipher().getSystemTitle();
        }
        try {
            KeyPair keyPair = null;
            switch (forValue) {
                case DIGITAL_SIGNATURE:
                    keyPair = this.signingKey;
                    break;
                case KEY_AGREEMENT:
                    keyPair = this.keyAgreement;
                    break;
                case TLS:
                    keyPair = this.tls;
                    break;
            }
            if (keyPair != null) {
                return GXCommon.fromBase64(GXPkcs10.createCertificateSigningRequest(keyPair, GXAsn1Converter.systemTitleToSubject(serverSystemTitle)).toDer());
            }
            valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
            return null;
        } catch (Exception e) {
            valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
            return null;
        }
    }

    private void generateKeyPair(GXDLMSSettings gXDLMSSettings, ValueEventArgs valueEventArgs) {
        CertificateType forValue = CertificateType.forValue(((Number) valueEventArgs.getParameters()).intValue());
        try {
            KeyPair generateKeyPair = GXEcdsa.generateKeyPair(Ecc.P256);
            switch (forValue) {
                case DIGITAL_SIGNATURE:
                    this.signingKey = generateKeyPair;
                    break;
                case KEY_AGREEMENT:
                    this.keyAgreement = generateKeyPair;
                case TLS:
                    this.tls = generateKeyPair;
                    break;
                default:
                    valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
                    break;
            }
        } catch (Exception e) {
            valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
        }
    }

    private byte[] invokeKeyAgreement(GXDLMSSettings gXDLMSSettings, ValueEventArgs valueEventArgs) {
        try {
            List list = (List) ((List) valueEventArgs.getParameters()).get(0);
            short shortValue = ((Number) list.get(0)).shortValue();
            if (shortValue != 0) {
                valueEventArgs.setError(ErrorCode.READ_WRITE_DENIED);
                return null;
            }
            byte[] bArr = (byte[]) list.get(1);
            GXByteBuffer gXByteBuffer = new GXByteBuffer(65);
            gXByteBuffer.setUInt8(shortValue);
            gXByteBuffer.set(bArr, 0, 64);
            GXByteBuffer gXByteBuffer2 = new GXByteBuffer();
            gXByteBuffer2.set(bArr, 64, 64);
            PublicKey publicKey = gXDLMSSettings.getCipher().getKeyAgreementKeyPair().getPublic();
            if (publicKey == null || !GXSecure.validateEphemeralPublicKeySignature(gXByteBuffer.array(), gXByteBuffer2.array(), publicKey)) {
                valueEventArgs.setError(ErrorCode.READ_WRITE_DENIED);
                gXDLMSSettings.setTargetEphemeralKey(null);
                return null;
            }
            valueEventArgs.setByteArray(true);
            gXDLMSSettings.setTargetEphemeralKey(GXAsn1Converter.getPublicKey(gXByteBuffer.subArray(1, 64)));
            gXDLMSSettings.getCipher().getEphemeralKeyPair();
            KeyPair generateKeyPair = GXEcdsa.generateKeyPair(Ecc.P256);
            gXDLMSSettings.getCipher().setEphemeralKeyPair(generateKeyPair);
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(generateKeyPair.getPrivate());
            keyAgreement.doPhase(gXDLMSSettings.getTargetEphemeralKey(), true);
            byte[] generateSecret = keyAgreement.generateSecret();
            Logger.getLogger(GXDLMSSecuritySetup.class.getName()).log(Level.FINEST, "Server shared secret: {0}", GXCommon.toHex(generateSecret));
            GXByteBuffer gXByteBuffer3 = new GXByteBuffer();
            gXByteBuffer3.setUInt8(DataType.ARRAY);
            gXByteBuffer3.setUInt8(1);
            gXByteBuffer3.setUInt8(DataType.STRUCTURE);
            gXByteBuffer3.setUInt8(2);
            gXByteBuffer3.setUInt8(22);
            gXByteBuffer3.setUInt8(0);
            gXByteBuffer3.setUInt8(DataType.OCTET_STRING);
            GXCommon.setObjectCount(BerType.CONTEXT, gXByteBuffer3);
            byte[] ephemeralPublicKeyData = GXSecure.getEphemeralPublicKeyData(shortValue, generateKeyPair.getPublic());
            gXByteBuffer3.set(ephemeralPublicKeyData, 1, 64);
            byte[] ephemeralPublicKeySignature = GXSecure.getEphemeralPublicKeySignature(shortValue, generateKeyPair.getPublic(), gXDLMSSettings.getCipher().getSigningKeyPair().getPrivate());
            gXByteBuffer3.set(ephemeralPublicKeySignature);
            Logger.getLogger(GXDLMSSecuritySetup.class.getName()).log(Level.FINEST, "Data: {0}", GXCommon.toHex(ephemeralPublicKeyData));
            Logger.getLogger(GXDLMSSecuritySetup.class.getName()).log(Level.FINEST, "Sign: {0}", GXCommon.toHex(ephemeralPublicKeySignature));
            byte[] hexToBytes = GXCommon.hexToBytes("60857405080300");
            GXByteBuffer gXByteBuffer4 = new GXByteBuffer();
            gXByteBuffer4.set(GXSecure.generateKDF("SHA-256", generateSecret, 256, hexToBytes, gXDLMSSettings.getSourceSystemTitle(), gXDLMSSettings.getCipher().getSystemTitle(), null, null), 0, 16);
            Logger.getLogger(GXDLMSSecuritySetup.class.getName()).log(Level.INFO, "GUEK: {0}", gXByteBuffer4);
            gXDLMSSettings.getCipher().setSigning(Signing.EPHEMERAL_UNIFIED_MODEL);
            switch (GlobalKeyType.values()[shortValue]) {
                case BROADCAST_ENCRYPTION:
                    this.gbek = gXByteBuffer4.array();
                    break;
                case UNICAST_ENCRYPTION:
                    this.guek = gXByteBuffer4.array();
                    break;
                case AUTHENTICATION:
                    this.gak = gXByteBuffer4.array();
                    break;
                case KEK:
                    this.kek = gXByteBuffer4.array();
                    break;
                default:
                    valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
                    break;
            }
            return gXByteBuffer3.array();
        } catch (Exception e) {
            valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
            return null;
        }
    }

    private void keyTransfer(GXDLMSSettings gXDLMSSettings, ValueEventArgs valueEventArgs) {
        try {
            for (List list : (List) valueEventArgs.getParameters()) {
                GlobalKeyType globalKeyType = GlobalKeyType.values()[((Number) list.get(0)).intValue()];
                byte[] bArr = (byte[]) list.get(1);
                switch (globalKeyType) {
                    case BROADCAST_ENCRYPTION:
                        this.gbek = GXDLMSSecureClient.decrypt(gXDLMSSettings.getKek(), bArr);
                        break;
                    case UNICAST_ENCRYPTION:
                        this.guek = GXDLMSSecureClient.decrypt(gXDLMSSettings.getKek(), bArr);
                        break;
                    case AUTHENTICATION:
                        this.gak = GXDLMSSecureClient.decrypt(gXDLMSSettings.getKek(), bArr);
                        break;
                    case KEK:
                        this.kek = GXDLMSSecureClient.decrypt(gXDLMSSettings.getKek(), bArr);
                        break;
                    default:
                        valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
                        break;
                }
            }
        } catch (Exception e) {
            valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
        }
    }

    private boolean isAssigned(GXDLMSSettings gXDLMSSettings) {
        return gXDLMSSettings.getAssignedAssociation() == null || getLogicalName().compareTo(gXDLMSSettings.getAssignedAssociation().getSecuritySetupReference()) == 0;
    }

    private void securityActivate(GXDLMSSettings gXDLMSSettings, ValueEventArgs valueEventArgs) {
        Security security = gXDLMSSettings.getCipher().getSecurity();
        if (getVersion() != 0) {
            if (getVersion() == 1) {
                Set<SecurityPolicy> forValue = SecurityPolicy.forValue(((Number) valueEventArgs.getParameters()).byteValue());
                setSecurityPolicy(forValue);
                if (isAssigned(gXDLMSSettings)) {
                    if (forValue.contains(SecurityPolicy.AUTHENTICATED_RESPONSE)) {
                        security = Security.forValue(security.getValue() | Security.AUTHENTICATION.getValue());
                        gXDLMSSettings.getCipher().setSecurity(security);
                    }
                    if (forValue.contains(SecurityPolicy.ENCRYPTED_RESPONSE)) {
                        gXDLMSSettings.getCipher().setSecurity(Security.forValue(security.getValue() | Security.ENCRYPTION.getValue()));
                        return;
                    }
                    return;
                }
                return;
            }
            return;
        }
        Set<SecurityPolicy> forValue2 = SecurityPolicy.forValue(((Number) valueEventArgs.getParameters()).byteValue());
        setSecurityPolicy(forValue2);
        if (isAssigned(gXDLMSSettings)) {
            int integer = SecurityPolicy.toInteger(forValue2);
            if (integer == SecurityPolicy.AUTHENTICATED.getValue()) {
                gXDLMSSettings.getCipher().setSecurity(Security.AUTHENTICATION);
            } else if (integer == SecurityPolicy.ENCRYPTED.getValue()) {
                gXDLMSSettings.getCipher().setSecurity(Security.ENCRYPTION);
            } else if (integer == (SecurityPolicy.AUTHENTICATED.getValue() | SecurityPolicy.ENCRYPTED.getValue())) {
                gXDLMSSettings.getCipher().setSecurity(Security.AUTHENTICATION_ENCRYPTION);
            }
        }
    }

    public final void applyKeys(GXDLMSSettings gXDLMSSettings, ValueEventArgs valueEventArgs) {
        try {
            if (isAssigned(gXDLMSSettings)) {
                Iterator it = ((List) valueEventArgs.getParameters()).iterator();
                while (it.hasNext()) {
                    switch (GlobalKeyType.values()[((Number) ((List) it.next()).get(0)).intValue()]) {
                        case BROADCAST_ENCRYPTION:
                            if (valueEventArgs.getIndex() != 2) {
                                gXDLMSSettings.setEphemeralBroadcastBlockCipherKey(this.gbek);
                                break;
                            } else {
                                gXDLMSSettings.getCipher().setBroadcastBlockCipherKey(this.gbek);
                                break;
                            }
                        case UNICAST_ENCRYPTION:
                            if (valueEventArgs.getIndex() != 2) {
                                gXDLMSSettings.setEphemeralBlockCipherKey(this.guek);
                                break;
                            } else {
                                gXDLMSSettings.getCipher().setBlockCipherKey(this.guek);
                                break;
                            }
                        case AUTHENTICATION:
                            if (valueEventArgs.getIndex() != 2) {
                                gXDLMSSettings.setEphemeralAuthenticationKey(this.gak);
                                break;
                            } else {
                                gXDLMSSettings.getCipher().setAuthenticationKey(this.gak);
                                break;
                            }
                        case KEK:
                            gXDLMSSettings.setKek(this.kek);
                            break;
                        default:
                            valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
                            break;
                    }
                }
            }
        } catch (Exception e) {
            valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
        }
    }

    private static GXx509Certificate findCertificateByEntity(GXx509CertificateCollection gXx509CertificateCollection, CertificateEntity certificateEntity, CertificateType certificateType, byte[] bArr) {
        String systemTitleToSubject = GXAsn1Converter.systemTitleToSubject(bArr);
        int integer = KeyUsage.toInteger(GXAsn1Converter.certificateTypeToKeyUsage(certificateType));
        Iterator<GXx509Certificate> it = gXx509CertificateCollection.iterator();
        while (it.hasNext()) {
            GXx509Certificate next = it.next();
            if ((KeyUsage.toInteger(next.getKeyUsage()) & integer) != 0 && next.getSubject().contains(systemTitleToSubject)) {
                return next;
            }
        }
        return null;
    }

    @Override // gurux.dlms.objects.IGXDLMSBase
    public final int[] getAttributeIndexToRead(boolean z) {
        ArrayList arrayList = new ArrayList();
        if (z || getLogicalName() == null || getLogicalName().compareTo("") == 0) {
            arrayList.add(1);
        }
        if (z || canRead(2)) {
            arrayList.add(2);
        }
        if (z || canRead(3)) {
            arrayList.add(3);
        }
        if (z || canRead(4)) {
            arrayList.add(4);
        }
        if (z || canRead(5)) {
            arrayList.add(5);
        }
        if (getVersion() != 0 && (z || canRead(6))) {
            arrayList.add(6);
        }
        return GXDLMSObjectHelpers.toIntArray(arrayList);
    }

    @Override // gurux.dlms.objects.GXDLMSObject, gurux.dlms.objects.IGXDLMSBase
    public final int getAttributeCount() {
        return getVersion() == 0 ? 5 : 6;
    }

    @Override // gurux.dlms.objects.GXDLMSObject, gurux.dlms.objects.IGXDLMSBase
    public final int getMethodCount() {
        return getVersion() == 0 ? 2 : 8;
    }

    @Override // gurux.dlms.objects.GXDLMSObject
    public final DataType getDataType(int i) {
        if (i == 1) {
            return DataType.OCTET_STRING;
        }
        if (i != 2 && i != 3) {
            if (i != 4 && i != 5) {
                if (getVersion() <= 0) {
                    throw new IllegalArgumentException("getDataType failed. Invalid attribute index.");
                }
                if (i == 6) {
                    return DataType.ARRAY;
                }
                throw new IllegalArgumentException("getDataType failed. Invalid attribute index.");
            }
            return DataType.OCTET_STRING;
        }
        return DataType.ENUM;
    }

    private byte[] getCertificatesByteArray(GXDLMSSettings gXDLMSSettings) {
        GXByteBuffer gXByteBuffer = new GXByteBuffer();
        gXByteBuffer.setUInt8((byte) DataType.ARRAY.getValue());
        GXCommon.setObjectCount(this.serverCertificates.size(), gXByteBuffer);
        Iterator<GXx509Certificate> it = this.serverCertificates.iterator();
        while (it.hasNext()) {
            GXx509Certificate next = it.next();
            gXByteBuffer.setUInt8((byte) DataType.STRUCTURE.getValue());
            GXCommon.setObjectCount(6, gXByteBuffer);
            gXByteBuffer.setUInt8((byte) DataType.ENUM.getValue());
            if (next.isBasicConstraints()) {
                gXByteBuffer.setUInt8((byte) CertificateEntity.CERTIFICATION_AUTHORITY.getValue());
            } else if (next.getSubject().contains(GXAsn1Converter.systemTitleToSubject(this.serverSystemTitle))) {
                gXByteBuffer.setUInt8((byte) CertificateEntity.SERVER.getValue());
            } else {
                gXByteBuffer.setUInt8((byte) CertificateEntity.CLIENT.getValue());
            }
            gXByteBuffer.setUInt8((byte) DataType.ENUM.getValue());
            if (next.getKeyUsage().contains(KeyUsage.DIGITAL_SIGNATURE) && next.getKeyUsage().contains(KeyUsage.KEY_AGREEMENT)) {
                gXByteBuffer.setUInt8((byte) CertificateType.TLS.getValue());
            } else if (next.getKeyUsage().contains(KeyUsage.DIGITAL_SIGNATURE)) {
                gXByteBuffer.setUInt8((byte) CertificateType.DIGITAL_SIGNATURE.getValue());
            } else if (next.getKeyUsage().contains(KeyUsage.KEY_AGREEMENT)) {
                gXByteBuffer.setUInt8((byte) CertificateType.KEY_AGREEMENT.getValue());
            } else {
                gXByteBuffer.setUInt8((byte) CertificateType.OTHER.getValue());
            }
            gXByteBuffer.setUInt8(DataType.OCTET_STRING.getValue());
            byte[] byteArray = next.getSerialNumber().toByteArray();
            gXByteBuffer.setUInt8(byteArray.length);
            gXByteBuffer.set(byteArray);
            GXCommon.addString(next.getIssuer(), gXByteBuffer);
            GXCommon.addString(next.getSubject(), gXByteBuffer);
            GXCommon.addString("", gXByteBuffer);
        }
        return gXByteBuffer.array();
    }

    @Override // gurux.dlms.objects.GXDLMSObject, gurux.dlms.objects.IGXDLMSBase
    public final Object getValue(GXDLMSSettings gXDLMSSettings, ValueEventArgs valueEventArgs) {
        if (valueEventArgs.getIndex() == 1) {
            return GXCommon.logicalNameToBytes(getLogicalName());
        }
        if (valueEventArgs.getIndex() == 2) {
            return Integer.valueOf(SecurityPolicy.toInteger(this.securityPolicy));
        }
        if (valueEventArgs.getIndex() == 3) {
            return Integer.valueOf(getSecuritySuite().getValue());
        }
        if (valueEventArgs.getIndex() == 4) {
            return getClientSystemTitle();
        }
        if (valueEventArgs.getIndex() == 5) {
            return getServerSystemTitle();
        }
        if (valueEventArgs.getIndex() == 6) {
            return getCertificatesByteArray(gXDLMSSettings);
        }
        valueEventArgs.setError(ErrorCode.READ_WRITE_DENIED);
        return null;
    }

    private void updateSertificates(List<?> list) {
        this.certificates.clear();
        if (list != null) {
            Iterator<?> it = list.iterator();
            while (it.hasNext()) {
                List list2 = (List) it.next();
                GXDLMSCertificateInfo gXDLMSCertificateInfo = new GXDLMSCertificateInfo();
                gXDLMSCertificateInfo.setEntity(CertificateEntity.forValue(((Number) list2.get(0)).intValue()));
                gXDLMSCertificateInfo.setType(CertificateType.forValue(((Number) list2.get(1)).intValue()));
                gXDLMSCertificateInfo.setSerialNumber(new BigInteger((byte[]) list2.get(2)));
                try {
                    gXDLMSCertificateInfo.setIssuerRaw((byte[]) list2.get(3));
                    gXDLMSCertificateInfo.setIssuer(getStringFromAsn1(gXDLMSCertificateInfo.getIssuerRaw()));
                } catch (Exception e) {
                    gXDLMSCertificateInfo.setIssuer(new String((byte[]) list2.get(3)));
                }
                try {
                    gXDLMSCertificateInfo.setSubjectRaw((byte[]) list2.get(4));
                    gXDLMSCertificateInfo.setSubject(getStringFromAsn1(gXDLMSCertificateInfo.getIssuerRaw()));
                } catch (Exception e2) {
                    gXDLMSCertificateInfo.setSubject(new String((byte[]) list2.get(4)));
                }
                try {
                    gXDLMSCertificateInfo.setSubjectAltNameRaw((byte[]) list2.get(5));
                    gXDLMSCertificateInfo.setSubjectAltName(getStringFromAsn1(gXDLMSCertificateInfo.getSubjectAltNameRaw()));
                } catch (Exception e3) {
                    gXDLMSCertificateInfo.setSubjectAltName(new String((byte[]) list2.get(5)));
                }
                this.certificates.add(gXDLMSCertificateInfo);
            }
        }
    }

    @Override // gurux.dlms.objects.GXDLMSObject, gurux.dlms.objects.IGXDLMSBase
    public final void setValue(GXDLMSSettings gXDLMSSettings, ValueEventArgs valueEventArgs) {
        if (valueEventArgs.getIndex() == 1) {
            setLogicalName(GXCommon.toLogicalName(valueEventArgs.getValue()));
            return;
        }
        if (valueEventArgs.getIndex() == 2) {
            if (gXDLMSSettings.isServer()) {
                valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
                return;
            } else {
                this.securityPolicy = SecurityPolicy.forValue(((Number) valueEventArgs.getValue()).intValue());
                return;
            }
        }
        if (valueEventArgs.getIndex() == 3) {
            setSecuritySuite(SecuritySuite.forValue(((Number) valueEventArgs.getValue()).byteValue()));
            return;
        }
        if (valueEventArgs.getIndex() == 4) {
            if (valueEventArgs.getValue() == null || ((byte[]) valueEventArgs.getValue()).length == 8 || ((byte[]) valueEventArgs.getValue()).length == 0) {
                setClientSystemTitle((byte[]) valueEventArgs.getValue());
                return;
            } else {
                valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
                return;
            }
        }
        if (valueEventArgs.getIndex() == 5) {
            if (((byte[]) valueEventArgs.getValue()).length != 8) {
                valueEventArgs.setError(ErrorCode.INCONSISTENT_CLASS);
                return;
            } else {
                setServerSystemTitle((byte[]) valueEventArgs.getValue());
                return;
            }
        }
        if (valueEventArgs.getIndex() == 6) {
            updateSertificates((List) valueEventArgs.getValue());
        } else {
            valueEventArgs.setError(ErrorCode.READ_WRITE_DENIED);
        }
    }

    @Override // gurux.dlms.objects.IGXDLMSBase
    public final void load(GXXmlReader gXXmlReader) throws XMLStreamException {
        this.securityPolicy = SecurityPolicy.forValue(gXXmlReader.readElementContentAsInt("SecurityPolicy"));
        int readElementContentAsInt = gXXmlReader.readElementContentAsInt("SecurityPolicy0");
        if (readElementContentAsInt != 0) {
            this.securityPolicy = SecurityPolicy.forValue(readElementContentAsInt);
        }
        this.securitySuite = SecuritySuite.values()[gXXmlReader.readElementContentAsInt("SecuritySuite")];
        String readElementContentAsString = gXXmlReader.readElementContentAsString("ClientSystemTitle");
        if (readElementContentAsString == null) {
            this.clientSystemTitle = null;
        } else {
            this.clientSystemTitle = GXDLMSTranslator.hexToBytes(readElementContentAsString);
        }
        String readElementContentAsString2 = gXXmlReader.readElementContentAsString("ServerSystemTitle");
        if (readElementContentAsString2 == null) {
            this.serverSystemTitle = null;
        } else {
            this.serverSystemTitle = GXDLMSTranslator.hexToBytes(readElementContentAsString2);
        }
        this.certificates.clear();
        if (gXXmlReader.isStartElement("Certificates", true)) {
            while (gXXmlReader.isStartElement("Item", true)) {
                GXDLMSCertificateInfo gXDLMSCertificateInfo = new GXDLMSCertificateInfo();
                this.certificates.add(gXDLMSCertificateInfo);
                gXDLMSCertificateInfo.setEntity(CertificateEntity.forValue(gXXmlReader.readElementContentAsInt("Entity")));
                gXDLMSCertificateInfo.setType(CertificateType.forValue(gXXmlReader.readElementContentAsInt("Type")));
                gXDLMSCertificateInfo.setSerialNumber(new BigInteger(gXXmlReader.readElementContentAsString("SerialNumber")));
                gXDLMSCertificateInfo.setIssuer(gXXmlReader.readElementContentAsString("Issuer"));
                gXDLMSCertificateInfo.setSubject(gXXmlReader.readElementContentAsString("Subject"));
                gXDLMSCertificateInfo.setSubjectAltName(gXXmlReader.readElementContentAsString("SubjectAltName"));
            }
            gXXmlReader.readEndElement("Certificates");
        }
        String readElementContentAsString3 = gXXmlReader.readElementContentAsString("SigningKey");
        if (readElementContentAsString3 == null) {
            this.signingKey = null;
        } else {
            GXPkcs8 fromDer = GXPkcs8.fromDer(readElementContentAsString3);
            this.signingKey = new KeyPair(fromDer.getPublicKey(), fromDer.getPrivateKey());
        }
        String readElementContentAsString4 = gXXmlReader.readElementContentAsString("KeyAgreement");
        if (readElementContentAsString4 == null) {
            this.keyAgreement = null;
        } else {
            GXPkcs8 fromDer2 = GXPkcs8.fromDer(readElementContentAsString4);
            this.keyAgreement = new KeyPair(fromDer2.getPublicKey(), fromDer2.getPrivateKey());
        }
        String readElementContentAsString5 = gXXmlReader.readElementContentAsString("TLS");
        if (readElementContentAsString5 == null) {
            this.tls = null;
        } else {
            GXPkcs8 fromDer3 = GXPkcs8.fromDer(readElementContentAsString5);
            this.tls = new KeyPair(fromDer3.getPublicKey(), fromDer3.getPrivateKey());
        }
        this.serverCertificates.clear();
        if (gXXmlReader.isStartElement("ServerCertificates", true)) {
            while (gXXmlReader.isStartElement("Cert", false)) {
                GXx509Certificate fromDer4 = GXx509Certificate.fromDer(gXXmlReader.readElementContentAsString("Cert"));
                if (this.serverCertificates.find(fromDer4) == null) {
                    this.serverCertificates.add(fromDer4);
                }
            }
            gXXmlReader.readEndElement("ServerCertificates");
        }
        String readElementContentAsString6 = gXXmlReader.readElementContentAsString("Guek");
        if (readElementContentAsString6 != null) {
            this.guek = GXCommon.hexToBytes(readElementContentAsString6);
        }
        String readElementContentAsString7 = gXXmlReader.readElementContentAsString("Gbek");
        if (readElementContentAsString7 != null) {
            this.gbek = GXCommon.hexToBytes(readElementContentAsString7);
        }
        String readElementContentAsString8 = gXXmlReader.readElementContentAsString("Gak");
        if (readElementContentAsString8 != null) {
            this.gak = GXCommon.hexToBytes(readElementContentAsString8);
        }
        String readElementContentAsString9 = gXXmlReader.readElementContentAsString("Kek");
        if (readElementContentAsString9 != null) {
            this.kek = GXCommon.hexToBytes(readElementContentAsString9);
        }
    }

    @Override // gurux.dlms.objects.IGXDLMSBase
    public final void save(GXXmlWriter gXXmlWriter) throws XMLStreamException {
        gXXmlWriter.writeElementString("SecurityPolicy", SecurityPolicy.toInteger(this.securityPolicy));
        gXXmlWriter.writeElementString("SecuritySuite", this.securitySuite.ordinal());
        gXXmlWriter.writeElementString("ClientSystemTitle", GXDLMSTranslator.toHex(this.clientSystemTitle));
        gXXmlWriter.writeElementString("ServerSystemTitle", GXDLMSTranslator.toHex(this.serverSystemTitle));
        if (this.certificates != null && this.certificates.size() != 0) {
            gXXmlWriter.writeStartElement("Certificates");
            Iterator<GXDLMSCertificateInfo> it = this.certificates.iterator();
            while (it.hasNext()) {
                GXDLMSCertificateInfo next = it.next();
                gXXmlWriter.writeStartElement("Item");
                gXXmlWriter.writeElementString("Entity", next.getEntity().getValue());
                gXXmlWriter.writeElementString("Type", next.getType().getValue());
                gXXmlWriter.writeElementString("SerialNumber", next.getSerialNumber().toString());
                gXXmlWriter.writeElementString("Issuer", next.getIssuer());
                gXXmlWriter.writeElementString("Subject", next.getSubject());
                gXXmlWriter.writeElementString("SubjectAltName", next.getSubjectAltName());
                gXXmlWriter.writeEndElement();
            }
            gXXmlWriter.writeEndElement();
        }
        if (this.signingKey != null) {
            gXXmlWriter.writeElementString("SigningKey", new GXPkcs8(this.signingKey).toDer());
        }
        if (this.keyAgreement != null) {
            gXXmlWriter.writeElementString("KeyAgreement", new GXPkcs8(this.keyAgreement).toDer());
        }
        if (this.tls != null) {
            gXXmlWriter.writeElementString("TLS", new GXPkcs8(this.tls).toDer());
        }
        if (this.serverCertificates.size() != 0) {
            gXXmlWriter.writeStartElement("ServerCertificates");
            Iterator<GXx509Certificate> it2 = this.serverCertificates.iterator();
            while (it2.hasNext()) {
                gXXmlWriter.writeElementString("Cert", it2.next().toDer());
            }
            gXXmlWriter.writeEndElement();
        }
        if (this.guek != null) {
            gXXmlWriter.writeElementString("Guek", GXCommon.toHex(this.guek));
        }
        if (this.gbek != null) {
            gXXmlWriter.writeElementString("Gbek", GXCommon.toHex(this.gbek));
        }
        if (this.gak != null) {
            gXXmlWriter.writeElementString("Gak", GXCommon.toHex(this.gak));
        }
        if (this.kek != null) {
            gXXmlWriter.writeElementString("Kek", GXCommon.toHex(this.kek));
        }
    }

    @Override // gurux.dlms.objects.IGXDLMSBase
    public final void postLoad(GXXmlReader gXXmlReader) {
    }

    @Override // gurux.dlms.objects.IGXDLMSBase
    public String[] getNames() {
        return new String[]{"Logical Name", "Security Policy", "Security Suite", "Client System Title", "Server System Title"};
    }

    @Override // gurux.dlms.objects.IGXDLMSBase
    public String[] getMethodNames() {
        return new String[]{"Security activate", "Key transfer"};
    }
}
